Former White House advisor: Cybersecurity initiatives should focus on common goals

Howard Schmidt, the recently departed White House cybersecurity coordinator, served in this position for the last two and a half years. His time as a White House advisor taught him that both domestic and international cybersecurity agreements are being held up because they fail to take a narrow approach and then build out from common goals.

“Cyberspace is tremendously valuable”, Schmidt said, pointing to the packed room that had gathered to hear him speak during the Gartner Security and Risk Management Summit, held this week outside Washington DC. The former Obama Administration advisor noted that everything we do today depends on the digital infrastructure we have built. And while the additional components add to the complexity, this proliferation of all-things cyberspace also tends to make our lives easier and more productive.

“Complexity is the enemy of security”, Schmidt said – something he acknowledged that security professionals have known for quite some time. “It’s a complex infrastructure…and we are tremendously dependent on it.”

So what is the government’s role in securing this entire complex digital infrastructure? Until very recently, most US government initiatives in the realm of cybersecurity have been what Schmidt characterized as a piecemeal approach, designed to combat the threats of yesterday and today but without any forward-looking vision as to what may be in store for the future.

Taking a cue from military thinking, Schmidt said “we can’t fight the battles of yesterday. We have to manage the difficult job we have in front of us now, but we also need to build toward the future.”

The former cyber czar also took issue with the negativity often promoted by those in the security field, preferring instead a solutions-based dialogue. Rather than talking about all of the bad things that have occurred, Schmidt was more interested in what can be done to solve the problems. “A lot of people can tell you about all of the bad stuff, but what are some of the things we need to do moving forward, and how do we mitigate these threats?”, he asked.

One solution Schmidt proposed was taking steps to ensure that people do not become victims of things like cybercrime – an idea that harkens back to his role in developing the Obama Administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC). Reducing the pool of potential victims, he asserted, frees up resources to go after the most egregious violators in cyberspace – whether they are sponsored by nation-states or belong to cybercriminal organizations.

“We will never be 100% secure”, Schmidt said, adding that international cooperation on cybersecurity is needed to ensure that business in cyberspace can still be conducted in a trusted manner. “We should not focus all of our time and energy on things we don’t agree on”, he said of international cybersecurity agreements. “Instead we must focus on the things we can agree on.” There will be no comprehensive strategy to address all cybersecurity needs from the outset, Schmidt observed, but nations can work together to focus on specific problems and then move on to tackle others.

Schmidt said it was a positive development that the US is now cooperating with the Chinese government on cybersecurity, and was of the opinion that a similar dialogue should be initiated with Russia to create a level of transparency. “We don’t want to fall into the equivalent of a cyber Cold War”, he said, and a strategy should be developed that could avoid the escalation of any conflict in cyberspace.

“We can’t forget the task ahead of us”, he told the audience of information security professionals in closing. “Security is not a destination; we must continue to work on it.”

Regardless of the shifts in technology that are certain to occur in the future, “we not only should, but we can, move forward in a manner that better protects privacy and security. That’s the [goal] we need to be working toward”, Schmidt concluded.
